June 19, 2018
Press Release

WASHINGTON, DC Congressmen Ted W. Lieu (D-Los Angeles County) and Will Hurd (R-TX) sent a letter to the Chief Administrative Officer in the U.S. House of Representative urging him to implement multi-factor authentication (MFA) across House networks and platforms. MFA improves information security and can help reduce the House’s susceptibility to cyberattacks.

In the letter, the Members write:

  • We have worked hard to raise awareness about the unique cybersecurity threats facing the United States Congress. Any large, decentralized, and information-rich organization is likely to be the target of attempted intrusions. The House of Representatives, however, is particularly vulnerable to cyberattacks due to its large staff, global visibility, and the unique information its employees hold. As such, we write to you with regard to multi-factor authentication (MFA) and its potential to greatly improve the information security environment in the House.

  • We are deeply grateful for your ongoing work on information security both for on-site digital infrastructure as well as mobile infrastructure. Despite this important work, however, we believe we can and should do more.

  • As you know, MFA is a security measure that requires more than one method of authentication from different categories of credentials in order to access information. For example, a MFA system might require someone to input a password, insert a security token, or submit a biometric scan in order to access a network. Such measures in conjunction with one another can reduce risk while affording organizations flexibility – for example, by allowing the level of access and authentication credentials to fluctuate depending on the type of information that someone is trying to access.

  • Full adoption of multi-factor authentication in the House would be a boon to both U.S. national security as well as the personal security of Members and staff. Below, please find a list of questions we have drafted regarding MFA.

  1. Do you believe adoption of multi-factor authentication would improve the information security environment in the House? If so, how would the House uniquely benefit from MFA?

  2. What might different forms of MFA look like in practice?

  3. Have CAO or CISO taken steps to examine possible implementation of MFA, including exploring relationships with vendors that provide MFA services?

  4. What needs to happen, both technically and procedurally, to prepare for MFA adoption in the House?

  5. What challenges exist with regard to shifting a large organization toward full adoption of MFA? What unique challenges to adoption would the House face, and how might we overcome them?